The Common Criteria

Cs5493(7493)

CC: Background

The need for independently evaluated IT security products and systems led to the TCSEC Rainbow series

CC: Background

• 1996 - The CC was conceived following the TCSEC, Rainbow series.• The Rainbow series was used as a guide and

model for the CC.• 1997 NIAP is formed (National Information

Assurance Partnership)• Published in 1998

CC: Background

1999 Adopted by the ISO (International Standards Organization, ISO-15408)

2000 Evaluations performed by accredited labs with government oversight and validation.

2003 NSA Assumes responsibility for CCEVS (CC Evaluation and Validation Scheme)

CC Purpose

• To provide consistent evaluation standards to IT products and systems

• To improve the availability of evaluated security-enhanced IT products and systems.

• To eliminate duplicating evaluations of IT products and systems.

• To improve the efficiency and cost-effectiveness of the evaluation process.

CC

The CC does not define the features of an IT product

The CC does not require the product itself be secure

The CC is a common framework for an evaluation process.

CC

By placing focus on security evaluation process, and not on the actual product design, vendors can keep their technology proprietary.

The CC Process

IT products are organized into categories:

http://www.commoncriteriaportal.org/products

The CC Process

The CC process is centered around an IT product referred to as the Target Of Evaluation: TOE.

The CC Process is determined for the TOE by three documents:

1. The Protection Profile (PP)2. The Security Target (ST)3. The Certification/Validation Report

CC General Requirements

• Functional security requirements – define desired security behavior.

• Assurance requirements – indicating claimed security measures are effective and implemented correctly.

The CC Process: Protection Profile

Each IT category has at least one document describing the functional and assurance security requirements. These documents are known as Protection Profiles

CC: Protection Profile

Created by a user, user community, laboratory, etc.

NIAP is currently working on a standard protection profile for each technology category.

CC : Protection Profile

Contains a description of threats Security objectives Security functional requirements Security assurance requirements etc

CC : Security Target

The Security Target (ST) document is usually written by the developer/vendor of the IT product.

CC : Security Target

The document contains information on how the TOE fulfills the security objectives outlined in the PP.

CC : Evaluation

• The evaluation process is used to determine if the security target (ST) is satisfied for the target of interest (TOE).

• The TOE developer requests the evaluation.• Evaluation only occurs when the product is

complete• Cost of the evaluation is negotiated between

the developer and the evaluator.

CC : Evaluations

A validation/certification report documents the evaluation findings.

CC : Validation

Validation for the TOE comes in the form of a Validation/Certification Report.

The Validation report assigns an EAL to the TOE.

CC : EAL

Evaluation Assurance Levels Levels 1 through 7 The EALs reflect the degree of confidence a

user can have in the performance of the TOE EAL – 1 are no longer done by accredited labs EAL – 2 through 4 are assigned by one of the

accredited labs EAL 4+ are assigned by the NSA

CC : EAL

EAL 1-4 do not require evaluation of the software, only the development process

EAL 4+ require more rigorous design evaluation.

CC Sustainability Cycle

– Revisions are required as vulnerabilities are discovered

– Each revision may require re-evaluation

Accredited Evaluators

NIST accredits the evaluators There are 15 countries that have accredited

evaluators. There are 11 other countries that support

the CC standards.